Add marketplace 2.0 api client#18
Merged
angelmp01 merged 24 commits intoMay 5, 2026
Merged
Conversation
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
added 3 commits
April 21, 2026 10:48
…sage # Conflicts: # api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/controller/ComponentsResponseFactory.java # api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/controller/ProjectComponentsController.java # api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/facade/ComponentsFacade.java # api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/mapper/MarketplaceMapper.java # api-project-component-v0/src/test/java/org/opendevstack/apiservice/project/controller/ProjectComponentsControllerTest.java # api-project-component-v0/src/test/java/org/opendevstack/apiservice/project/facade/ComponentsFacadeTest.java # api-project-component-v0/src/test/java/org/opendevstack/apiservice/project/util/TestObjectsBuilder.java # external-service-marketplace/src/main/java/org/opendevstack/apiservice/externalservice/marketplace/model/ProjectComponent.java # external-service-marketplace/src/main/java/org/opendevstack/apiservice/externalservice/marketplace/service/impl/MarketplaceServiceMockImpl.java
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
…ate components and added mandatory parameters to the marketplace 2.0 provision component call
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
…ent by project key and component ID
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
#20) … Marketplace API client with bearer token support --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
…ds from MarketplaceInstanceConfig and MarketplaceServiceImpl
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
added 2 commits
April 29, 2026 21:33
…nts-api-usage' into feature/real-marketplace-components-api-usage
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
There was a problem hiding this comment.
Pull request overview
This PR introduces a Marketplace 2.0 external-service client (OpenAPI-generated RestTemplate client + multi-instance configuration) and adds a shared core-security module for JWT utilities and OBO token exchange, while adapting the project-component v0 API layer to use the new Marketplace client types.
Changes:
- Add Marketplace 2.0 client factory/config + service implementation using OpenAPI-generated clients.
- Add
core-securitymodule withJwtUtilsandOboTokenService, and switch api-project to use it. - Update project-component v0 facade/controller/mapper and tests to use Marketplace 2.0 models and new exception handling paths.
Reviewed changes
Copilot reviewed 49 out of 50 changed files in this pull request and generated 19 comments.
Show a summary per file
| File | Description |
|---|---|
| persistence/src/main/java/org/opendevstack/apiservice/persistence/repository/AuthorizationPolicyJpaRepository.java | Treat “global” policies as clientId IS NULL or blank via custom JPQL query. |
| persistence/src/main/java/org/opendevstack/apiservice/persistence/dao/PolicyDaoImpl.java | Switch to new repository method for “global” policy lookup. |
| external-service-marketplace/src/test/java/org/opendevstack/apiservice/externalservice/marketplace/service/MarketplaceServiceImplTest.java | Unit tests for new MarketplaceServiceImpl behavior. |
| external-service-marketplace/src/test/java/org/opendevstack/apiservice/externalservice/marketplace/service/CatalogItemOperationsTest.java | Tests for catalog item id utility. |
| external-service-marketplace/src/test/java/org/opendevstack/apiservice/externalservice/marketplace/client/MarketplaceApiClientFactoryTest.java | Tests for instance resolution / factory behavior. |
| external-service-marketplace/src/main/java/org/opendevstack/apiservice/externalservice/marketplace/service/impl/MarketplaceServiceMockImpl.java | Removes old mock implementation. |
| external-service-marketplace/src/main/java/org/opendevstack/apiservice/externalservice/marketplace/service/impl/MarketplaceServiceImpl.java | Adds Marketplace 2.0 service implementation (OBO-authenticated calls, provision/delete/register, etc.). |
| external-service-marketplace/src/main/java/org/opendevstack/apiservice/externalservice/marketplace/service/MarketplaceService.java | Updates MarketplaceService contract to Marketplace 2.0 models and multi-instance support. |
| external-service-marketplace/src/main/java/org/opendevstack/apiservice/externalservice/marketplace/service/CatalogItemOperations.java | Adds helper for catalog item id encoding/decoding/combining. |
| external-service-marketplace/src/main/java/org/opendevstack/apiservice/externalservice/marketplace/model/CreateComponentParameter.java | Removes legacy create-component parameter model. |
| external-service-marketplace/src/main/java/org/opendevstack/apiservice/externalservice/marketplace/exception/MarketplaceException.java | Adds checked exception type for marketplace integration. |
| external-service-marketplace/src/main/java/org/opendevstack/apiservice/externalservice/marketplace/config/MarketplaceServiceConfig.java | Adds configuration properties root for marketplace instances + default instance. |
| external-service-marketplace/src/main/java/org/opendevstack/apiservice/externalservice/marketplace/config/MarketplaceInstanceConfig.java | Defines per-instance properties (base URLs, timeouts, OBO scope, SSL trust, catalog item id). |
| external-service-marketplace/src/main/java/org/opendevstack/apiservice/externalservice/marketplace/client/MarketplaceApiClientFactory.java | Adds factory to build configured RestTemplates/clients per instance. |
| external-service-marketplace/src/main/java/org/opendevstack/apiservice/externalservice/marketplace/client/MarketplaceApiClient.java | Adds wrapper around generated ApiClient + bearer auth setup. |
| external-service-marketplace/pom.xml | Adds OpenAPI generator plugin, dependencies, and core-security dependency. |
| external-service-marketplace/openapi/openapi-component_provisioner-v1.0.0.yaml | Adds provisioner OpenAPI spec for client generation. |
| external-service-marketplace/openapi/openapi-component_catalog-v1.0.0.yaml | Adds catalog OpenAPI spec for client generation. |
| external-service-marketplace/.openapi-generator-ignore | Adds generator ignore patterns. |
| core-security/src/test/java/org/opendevstack/apiservice/core/security/obo/OboTokenServiceTest.java | Adds tests for OBO token exchange service. |
| core-security/src/test/java/org/opendevstack/apiservice/core/security/jwt/JwtUtilsTest.java | Adds tests for JWT helper utilities. |
| core-security/src/main/java/org/opendevstack/apiservice/core/security/obo/OboTokenService.java | Adds OBO token exchange implementation. |
| core-security/src/main/java/org/opendevstack/apiservice/core/security/obo/OboTokenResponse.java | Adds DTO for token endpoint response mapping. |
| core-security/src/main/java/org/opendevstack/apiservice/core/security/obo/OboTokenProperties.java | Adds configuration properties for token exchange (url/id/secret). |
| core-security/src/main/java/org/opendevstack/apiservice/core/security/obo/OboTokenException.java | Adds runtime exception for OBO exchange failures. |
| core-security/src/main/java/org/opendevstack/apiservice/core/security/jwt/JwtUtils.java | Adds shared JWT helper utilities used by other modules. |
| application.yaml | Adds OBO config and marketplace instance config in application config. |
| api-project/src/main/java/org/opendevstack/apiservice/project/util/SecurityUtils.java | Removes project-local SecurityUtils in favor of shared JwtUtils. |
| api-project/src/main/java/org/opendevstack/apiservice/project/controller/ProjectController.java | Switches client-id extraction to shared JwtUtils. |
| api-project/pom.xml | Adds dependency on core-security. |
| api-project-component-v0/src/test/java/org/opendevstack/apiservice/project/util/TestObjectsBuilder.java | Updates test object builders to Marketplace 2.0 models and adds CatalogItem builder. |
| api-project-component-v0/src/test/java/org/opendevstack/apiservice/project/facade/ComponentsFacadeTest.java | Updates facade tests for provision flow and marketplace 2.0 DTOs. |
| api-project-component-v0/src/test/java/org/opendevstack/apiservice/project/controller/advice/ProjectComponentsExceptionHandlerTest.java | Adds tests for new conflict mapping (already-exists). |
| api-project-component-v0/src/test/java/org/opendevstack/apiservice/project/controller/ProjectComponentsControllerTest.java | Updates controller tests for new provision semantics and component-id type change. |
| api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/mapper/StatusMap.java | Adds mapping from marketplace statuses to legacy v0 statuses. |
| api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/mapper/MarketplaceMapper.java | Reworks mapping to use Marketplace 2.0 OpenAPI models and provision parameters. |
| api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/facade/ComponentsFacade.java | Reworks facade to provision via marketplace 2.0 client and fetch catalog item metadata. |
| api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/exception/ComponentRetrievalException.java | Adds retrieval exception wrapper. |
| api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/exception/ComponentNotFoundException.java | Adds overload with cause. |
| api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/exception/ComponentCreationException.java | Adds overload with cause. |
| api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/exception/ComponentBadRequestException.java | Adds bad-request exception type. |
| api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/exception/ComponentAlreadyExistsException.java | Adds already-exists exception type. |
| api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/exception/CatalogItemNotFoundException.java | Adds catalog-item-not-found exception type. |
| api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/controller/advice/ProjectComponentsExceptionHandler.java | Adds handlers for new exception types and retrieval failures. |
| api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/controller/ProjectComponentsController.java | Switches create to “provision” and changes componentId type to string. |
| api-project-component-v0/src/main/java/org/opendevstack/apiservice/project/controller/ComponentsResponseFactory.java | Adds response helpers for conflict and unprocessable entity. |
| api-project-component-v0/pom.xml | Adds dependency on core-security. |
| api-project-component-v0/openapi/api-project-component-v0.yaml | Removes UUID format constraint for componentId parameter. |
| Makefile | Extends clean target to remove targets/generated models and local Maven cache. |
| .gitignore | Ignores generated Marketplace OpenAPI sources directory. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+285
to
+289
| void testGetProjectComponent_NullInstanceName_UsesDefaultClient() throws MarketplaceException { | ||
| // Passing null explicitly as instanceName should resolve via getDefaultInstance -> getAuthenticatedClient | ||
| String projectKey = "PROJ"; | ||
| String componentId = "test-component"; | ||
| MarketplaceInstanceConfig instanceConfig = new MarketplaceInstanceConfig(); |
There was a problem hiding this comment.
This test implies null instanceName should be accepted, but MarketplaceApiClientFactory#getClient(String) is defined to throw on null/blank. Either make MarketplaceServiceImpl resolve null/blank to the default instance, or update the test to align with the factory contract.
Comment on lines
+191
to
+197
| SSLContext context = SSLContext.getInstance("TLS"); | ||
| context.init(null, trustAllCerttificates, new java.security.SecureRandom()); | ||
|
|
||
| HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory()); | ||
| // Intentionally disabling hostname verification for development environments | ||
| HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true); | ||
|
|
There was a problem hiding this comment.
The implementation of configureTrustAllCertificates() mutates global HttpsURLConnection defaults (socket factory + hostname verifier). Even if guarded by config, this leaks outside Marketplace and can unintentionally disable TLS verification for other outbound calls. Rework this to use a per-RestTemplate SSLContext / request factory instead of JVM-global defaults.
Comment on lines
+140
to
+145
| <dependency> | ||
| <groupId>com.google.code.findbugs</groupId> | ||
| <artifactId>jsr305</artifactId> | ||
| <version>3.0.2</version> | ||
| <scope>compile</scope> | ||
| </dependency> |
There was a problem hiding this comment.
There is a second jsr305 dependency declaration later in this POM with a different scope. Remove the duplicate and standardize on one scope to avoid classpath surprises.
Comment on lines
+24
to
+26
| return new String(encodeId( | ||
| new String(decodeId(component.getCatalogItemId())) + new String(decodeId(component.getCatalogItemRef())))); | ||
| } |
There was a problem hiding this comment.
buildCatalogItemId converts decoded Base64 bytes to String without specifying a charset. Specify the charset explicitly when constructing strings from bytes to avoid platform-dependent behavior.
…b.com:opendevstack/ods-api-service into feature/real-marketplace-components-api-usage
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
1 similar comment
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
…on handling in Marketplace API client
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
jorge-romero
requested changes
May 4, 2026
Contributor
jorge-romero
left a comment
jorge-romero
left a comment
There was a problem hiding this comment.
Please review the comments, there are things that should affect some use cases.
| provisioner-actions-base-url: ${MARKETPLACE_PROVISIONER_ACTIONS_BASE_URL:} | ||
| obo-scope: ${MARKETPLACE_OBO_SCOPE:} | ||
| trust-all-certificates: ${MARKETPLACE_TRUST_ALL_CERTS:false} | ||
| catalog-item-id: ${MARKETPLACE_CATALOG_ITEM_ID:} |
Contributor
There was a problem hiding this comment.
this last line should not be needed
| log.warn("No Marketplace instances configured – reporting unhealthy"); | ||
| return false; | ||
| } | ||
| return true; |
Contributor
There was a problem hiding this comment.
Nothing is check, only if it is configured
| * Creates a {@link MarketplaceApiClient} authenticated with an OBO token | ||
| * obtained from the current request's JWT. | ||
| */ | ||
| private MarketplaceApiClient getAuthenticatedClient(String instanceName) throws MarketplaceException { |
Contributor
There was a problem hiding this comment.
Maybe you need 2 methods, for OBO and CC
or in the factory.
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
|
jorge-romero
approved these changes
May 5, 2026
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add Marketplace 2.0 client with config.